edit-spec
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the `npx vigiles` CLI, specifically for setup (npx vigiles setup), compilation (npx vigiles compile), and validation (npx vigiles check). These operations are necessary for the skill's primary function of maintaining documentation source files.
- [EXTERNAL_DOWNLOADS]: The use of `npx` involves downloading and executing the `vigiles` package from the npm registry. This is a standard practice in Node.js development environments for running CLI tools without global installation.
- [DATA_EXPOSURE]: The skill processes project-specific specification files (e.g., `CLAUDE.md.spec.ts`, `AGENTS.md.spec.ts`) to update build artifacts. It does not attempt to access sensitive system files, environment variables, or credentials.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface as it reads content from external specification files. However, these files are part of the local project repository and are used as structured data for the documentation tool.
Audit Metadata